I am currently attempting to run Volatility3, but I have encountered an error which is caused by yara failing on import.
The main issue is that I am unable to import yara even in CMD by typing `python` and then `import yara`. Doing so gives an error like this: `FileNotFoundError: Could not find module 'C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.3312.0_x64__qbz5n2kfra8p0\DLLs\libyara.dll' (or one of its dependencies). Try using the full path with constructor syntax.`
Full error:

```
Failed to import 'C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.3312.0_x64__qbz5n2kfra8p0\DLLs\libyara.dll'
PATH = (***other programs within the path such as git***);C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.3312.0_x64__qbz5n2kfra8p0\DLLs
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "C:\Users\User\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\yara\__init__.py", line 7, in <module>
    from yara.rules import compile
  File "C:\Users\User\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\yara\rules.py", line 17, in <module>
    from yara.libyara_wrapper import *
  File "C:\Users\User\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\yara\libyara_wrapper.py", line 315, in <module>
    libyaradll = cdll.LoadLibrary(library)
  File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.3312.0_x64__qbz5n2kfra8p0\lib\ctypes\__init__.py", line 452, in LoadLibrary
    return self._dlltype(name)
  File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.3312.0_x64__qbz5n2kfra8p0\lib\ctypes\__init__.py", line 374, in __init__
    self._handle = _dlopen(self._name, mode)
FileNotFoundError: Could not find module 'C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.3312.0_x64__qbz5n2kfra8p0\DLLs\libyara.dll' (or one of its dependencies). Try using the full path with constructor syntax.
```
These are some of the things I've attempted:
- Installing the yara source from GitHub and running setup.py without any errors
- Uninstalling and reinstalling via pip
- Running requirement.txt; it says I've fulfilled the requirements
Some other notes:
My OS is Win11
My Python version is 3.9.12
Based on the error I received, I believe the libyara library is missing. I've tried looking up many other solutions online, but had no luck fixing this issue. Any help provided on this matter will be greatly appreciated.
While this is not the best solution, my solution to this issue is to not use Windows for Volatility3.
If you are on a Windows machine, just use a VM and plug any Linux distro into it and it will work instantly (at that time I was using Kali). This more or less resolved the issue I was facing and got me what I wanted from memory forensics on Volatility3.
Edit: This seems to be an issue specific to Python 3 when installed via the Microsoft Store. I tried reinstalling Python 3 with something like Scoop.sh, and I have fixed the issue.
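A small triage helper for the failure discussed above, added here as an example and not part of the original posts or of yara or Volatility3: it parses the ctypes error text and reports whether the DLL was sought inside a Microsoft Store Python package directory while the Python package itself sits in a separate per-user tree, which is the split visible in the traceback. The function names and the `split_install` flag are assumptions; the sample strings are constructed from paths quoted in the question.

```python
import re
import sys
from pathlib import PureWindowsPath

# Constructed sample data, assembled from paths quoted in the question.
STORE_PKG = r"C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.3312.0_x64__qbz5n2kfra8p0"
SAMPLE_ERROR = (
    "FileNotFoundError: Could not find module '" + STORE_PKG + r"\DLLs\libyara.dll'"
    " (or one of its dependencies). Try using the full path with constructor syntax."
)
SAMPLE_SITE_PACKAGES = (
    r"C:\Users\User\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0"
    r"\LocalCache\local-packages\Python39\site-packages"
)

def is_store_python(path: str) -> bool:
    """True if the path lies inside a Microsoft Store Python package directory."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    return "windowsapps" in parts and any(
        p.startswith("pythonsoftwarefoundation.python") for p in parts)

def missing_module_path(error_text: str):
    """Extract the DLL path from ctypes' 'Could not find module' message."""
    m = re.search(r"Could not find module '([^']+)'", error_text)
    return PureWindowsPath(m.group(1)) if m else None

def diagnose(error_text: str, site_packages: str) -> dict:
    """Compare where the DLL was looked for with where pip put the package."""
    dll = missing_module_path(error_text)
    if dll is None:
        return {"dll": None, "store_python": False, "split_install": False}
    site = PureWindowsPath(site_packages)
    store = is_store_python(str(dll))
    # split_install (hypothetical flag): the DLL is expected in the Store
    # package directory, but the Python package lives in a different tree.
    split = store and site not in dll.parents and not is_store_python(str(site))
    return {"dll": str(dll), "store_python": store, "split_install": split}

if __name__ == "__main__":
    print(diagnose(SAMPLE_ERROR, SAMPLE_SITE_PACKAGES))
    print("this interpreter is a Store install:", is_store_python(sys.executable))
```
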